On 12/11/2019 20:04, Diane wrote:
> Hello,
>
> I have a need regarding Dnsmasq:
>
> I want to have "standard" (i.e. logs that are enabled by default) logs
> in syslog, and I also want to retrieve every DNS query / config /
> response, as to be able to build some stats on them.
>
> I have the following constraints that make using the current
> implementation unusable for this need:
>
> - I don't want to pollute syslog with DNS query logs *at all*, but
> journald still doesn't provide a way to properly filter / redirect logs;
> - I still want to have my standard dnsmasq logs in the syslog;
> - I don't want to depend on the underlying syslog implementation (being
> rsyslog, syslog-ng, or anything else), partly due to the fact that this
> need is encountered on multiple linux distros with their own syslog
> choice;
> - Some of those log facilities may not support log dropping (i.e.
> keeping "standard" logs, and drop every redirected logs).
>
> Now, I'm trying to find some solutions.
>
> Would the best way really be to have a small log facility daemon
> running for this specific process? That seems cumbersome.
>
> The configuration key `log-queries` exists, wouldn't it be possible to
> add the following behaviour?
>
> - If `log-queries=` is defined but has an empty value, use the current
> behaviour;
> - If `log-queries=` points towards a filesystem path, exclusively write
> query logs into the given file;
> - If `log-queries=` is equal to, let's say "syslog", or a
> non-filesystem value (e.g. a syslog id), write query logs into the used
> syslog, but with *a different process key*, as to defer log handling,
> but as to avoid mixing both logs.
>
> Any idea or solution for this issue?
>
>

One possibility would be to ignore the logging facility entirely, and
use the packet-dump options to write the queries and/or answers in pcap
format to a file which you could then run through tcpdump or a DNS
packet analyser of your choice; see the --dumpfile option for details.

Simon.

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
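
An added example, not part of the original thread or of dnsmasq: a short Python tally of query names from a pcap file such as the one --dumpfile is described as producing above. It assumes a classic little-endian pcap with link type 101 (raw IP) and IPv4/UDP packets; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

LINKTYPE_RAW = 101  # assumption: capture holds raw IP packets (no Ethernet header)

def qname(dns, off=12):
    """Decode the first question name, which follows the 12-byte DNS header."""
    labels = []
    while dns[off]:
        n = dns[off]
        labels.append(dns[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels).lower() or "."

def count_queries(pcap):
    """Tally query names (QR bit clear) in a classic little-endian pcap byte string."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != LINKTYPE_RAW:
        raise ValueError("unsupported pcap magic or link type")
    stats, pos = Counter(), 24
    while pos + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, pos + 8)[0]
        pkt = pcap[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
            continue                      # only IPv4/UDP is handled here
        dns = pkt[(pkt[0] & 0x0F) * 4 + 8:]   # skip IP header and 8-byte UDP header
        if len(dns) > 12 and not dns[2] & 0x80 and dns[4:6] != b"\0\0":
            try:
                stats[qname(dns)] += 1
            except IndexError:
                continue                  # truncated question section
    return stats

def sample_pcap(entries):
    """Constructed capture: one minimal IPv4/UDP/DNS packet per (name, is_reply)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RAW)
    for name, is_reply in entries:
        q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
        dns = struct.pack(">HHHHHH", 1, 0x8000 if is_reply else 0x0100, 1, 0, 0, 0) + q + b"\0\x01\0\x01"
        udp = struct.pack(">HHHH", 40000, 53, 8 + len(dns), 0) + dns
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53])) + udp
        out += struct.pack("<IIII", 0, 0, len(ip), len(ip)) + ip
    return out
```

To run it on a real capture, pass the file's bytes (`open(path, "rb").read()`) to `count_queries`; replies are skipped so each lookup is counted once.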